/*
 * @Author: modefy
 * @Date: 2023-04-26 17:10:32
 * @LastEditors: modefy
 * @LastEditTime: 2023-04-26 17:13:07
 * @Description: Description
 */
package com.example.learn.controller;

import com.example.learn.dto.UserDto;
import com.example.learn.pojo.User;
import com.example.learn.service.UserService;
import com.example.learn.utils.JWTUtils;
import com.example.learn.utils.R;
import org.apache.ibatis.annotations.Param;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

@RestController
@RequestMapping("/admin")
class LoginController {

    @Autowired
    private UserService userService;

    @GetMapping("/name")
    public List<User> getHello(@Param("name") String name) {
        return userService.getKnowleDgeList();
    }

    @GetMapping("/noAuth")
    public R<String> noAuth(){
        return R.failed("未授权");
    }

    @GetMapping("/toLogin")
    public String toLogin(){
        return "请先登录";
    }

    @RequestMapping("/logout")
    public R<String> logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return R.success("退出登录");
    }

    /*
    *   获取用户信息
    * */
    @RequestMapping("/info")
    public R<User> getInfo(HttpServletRequest request) {
        JWTUtils tokenUtils = new JWTUtils();
        // 1、从请求头中获取token
        String token = request.getHeader("token");
        String name = tokenUtils.getTokenValueByKey(token, "username");
        // 根据用户名查找用户信息并返回
        User user = userService.getUserByName(name);
        return R.success(user, "success");
    }

    @RequestMapping("/login")
    public R Login(@RequestBody UserDto paramuser){
        //  获取当前用户
        Subject subject = SecurityUtils.getSubject();
        //  封装用户的登录数据
        UsernamePasswordToken token = new UsernamePasswordToken(paramuser.getUsername(), paramuser.getPassword());

        try{
            subject.login(token); // 执行登录方法
            User user = userService.getUserByName(paramuser.getUsername());
            if(!user.getPerms().equals("user:admin")){
                return R.failed("权限不足，请联系管理员！");
            }
//            返回JWT token
            JWTUtils tokenUtils = new JWTUtils();
            HashMap tokenMap = new HashMap();
            tokenMap.put("username", user.getName());
            tokenMap.put("permmison", user.getPerms());

            String usertoken = tokenUtils.getToken(tokenMap);

            Map usermap = new HashMap<>();
            usermap.put("token", usertoken);
            usermap.put("user", user);
            return R.success(usermap, "登录成功");
        }catch (UnknownAccountException e){
            return R.failed("该用户不存在");
        }catch (IncorrectCredentialsException e){
            return R.failed("密码错误");
        }
    }
}
